Prohibited Categories and Debarred Suppliers: Enforcing Rules and Controls

As we make our way to the third article in Card Integrity’s “Back to Basics” series, we wanted to take an opportunity to discuss a topic that has not been touched on much in the past. Prohibited categories are common in any commercial card policy, but depending on the specific industry of the organization, they can vary wildly. Prohibited categories for a university, for example, may differ from prohibited categories at a corporation.

What are procurement categories?

When we talk about prohibited categories, it’s quite easy to envision what we’re talking about. Categories in the context of procurement refers to goods, services, or commodities that are grouped together according to common demand and suppliers. As an example, a replacement headlight may be in an automotive parts category along with windshield wipers. A journal, ballpoint pens, and sticky notes may all be under the category of stationery, and so on.

Why it matters

Procurement categories are helpful for being able to see what sorts of goods or commodities are being procured at a glance. Many organizations would have the purchase of firearms against policy, for example, so seeing transactions under the new weapons and firearms category would naturally sound some alarms. So, prohibited categories would be those categories that are set aside as against your policy. You prohibit certain categories: commonly prohibited ones would be those involving fashion, apparel, tobacco, weapons and firearms, etc. This way you know whenever something that shouldn’t be purchased is purchased. That makes a lot of sense… at least, in theory. Issues arise when you start to get into the logistics of how these items are categorized. With that, we introduce merchant category codes, more commonly known as MCCs.

What are MCCs?

Merchant category codes are four digit codes that are assigned to vendors. In our examples above, a vendor like O’Reilly Auto Parts or AutoZone that sells headlights and wipers would likely be under MCC 5533, “Automotive Parts and Accessories Stores”. Stationery would be under MCC 5111: “Stationery, Office Supplies, Printing and Writing Paper”. Citi Bank has all of the merchant category codes that they recognize publicly available in this manual if you want to peruse them. Certain vendors have their own MCCs, too. This is common for vendors in travel and entertainment industries, such as airlines and hotels, as you can see in the manual. The major card companies place vendors under these category codes.

The problem is that MCCs, to put it bluntly, are unreliable. This can be illustrated with one high-profile example: Amazon. Amazon may have started out as a bookstore in the ’90s, but these days, to call the largest online retailer in the world a bookstore would be disingenuous at best. They are still categorized under the MCC for bookstores. If one of the largest retailers in the world isn’t categorized correctly, it throws much of the system into question.

Even in situations where a vendor is categorized under a truly relevant MCC, the merchant category code alone isn’t enough to reliably deter fraud and misuse. For example, imagine a facilities manager going to Lowe’s to pick up ceiling tiles. But instead of buying ceiling tiles, he buys gift cards… which Lowe’s conveniently sells (including Apple, Amazon, Visa, and many others). If you’re just going by the merchant category code of the transaction, you’d never know that this facilities manager just defrauded his employee. That’s where Level III data comes in.

The importance of Level III data

Fortunately, there is a solution to this conundrum: level III data. Level III data is the most detailed layer of data that is available. It tells you everything you need to know about individual transactions, including:

• Merchant name
• Transaction and tax amount
• Date of purchase
• Order and invoice number
• Item quantity and description

This would stop our imagined Lowe’s defrauder in his tracks. Unfortunately, the only downside to Level III data is that not every major credit card provider offers it, and it is not available for transactions in every country and territory.

If you’re interested in learning more about level III data versus MCCs, you can read our blog post below which goes more in depth on that specific topic.

Level III Data vs. MCCs: How to Maximize Spend Visibility

So, how do you prohibit categories effectively?

While level III data is helpful for determining the legitimacy of specific transactions, and goes a long way towards tightening internal controls, it by itself doesn’t solve the main issue that we originally put on the table. You’ve got procurement categories, and you need to prohibit some of them. The MCCs don’t really help. The level III data can get you there, but it doesn’t do anything at the category level. If you feel stuck with useless MCCs, and don’t see a way out to make use of categories in a way that is effective, Card Integrity can help. Contact us to learn more about how we help clients with this exact dilemma.

What about debarred suppliers?

Your organization may want to debar certain suppliers or vendors for a variety of reasons. In public procurement, certain vendors are federally debarred, meaning that public organizations are not allowed to do business with them for one reason or another. Even if you work for a private company, you may want to debar certain suppliers because you just don’t want your employees spending money there, or for another internal reason. Card Integrity can help with this too, whether it be federally debarred suppliers or vendors or merchants that you wish to debar for whatever reason.

Learn more by signing up for our free webinar

Prohibited categories and debarred suppliers are important considerations when it comes to card misuse, abuse, and fraud. Sign up below for our Fighting Corporate Credit Card Fraud: A Back-to-Basics Overview webinar on Wednesday, October 30, 2024, 10AM CST. We will be highlighting fraud, misuse, and abuse in corporate credit card fraud, but with tools, tips, and tricks at your disposal to get ahead of it, along with examples of what we’ve seen over the years in the industry. In the spirit of Halloween, our presenter will be donning his Sherlock Holmes-inspired hat and magnifying glass. You don’t want to miss it. Hope to see you there! And even if you’re reading this blog post after it passes, a recording of the event will be made available below.

Read the rest of the ‘Back to Basics’ series

This article was only the third in our “Back to Basics” series of articles for both beginners and long-time card program administrators to learn and/or get reacquainted with the elemental knowledge that lays the foundation for a successful system.